DumpsTorrent

http://www.dumpstorrent.com
Latest dumps torrent provider, real dumps
IT Certification Guaranteed, The Easy Way!

Exam : NSE4

Title : Fortinet Network Security Expert 4 Written Exam (400)

Vendor : Fortinet

Version : DEMO

NO.1 Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate?
(Choose two.)
A. ACCESS-CHALLENGE
B. ACCESS-RESTRICT
C. ACCESS-PENDING
D. ACCESS-REJECT
Answer: A,D

NO.2 In which process states is it impossible to interrupt/kill a process? (Choose two.)
A. S - Sleep
B. R - Running
C. D - Uninterruptible Sleep
D. Z - Zombie
Answer: C,D

NO.3 Two devices are in an HA cluster; the device hostnames are STUDENT and REMOTE.
Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B
shows the command output of diagnose sys session stat for the REMOTE device.
Exhibit A:

Exhibit B:

Given the information provided in the exhibits, which of the following statements are correct?
(Choose two.)
A. STUDENT is likely to be the master device.
B. Session-pickup is likely to be enabled.
C. The cluster mode is active-passive.
D. There is not enough information to determine the cluster mode.
Answer: A,D

NO.4 Examine the static route configuration shown below; then answer the question following it.
config router static
    edit 1
        set dst 172.20.1.0 255.255.255.0
        set device port1
        set gateway 172.11.12.1
        set distance 10
        set weight 5
    next
    edit 2
        set dst 172.20.1.0 255.255.255.0
        set blackhole enable
        set distance 5
        set weight 10
    next
end
Which of the following statements correctly describes the static routing configuration provided?
(Choose two.)
A. All traffic to 172.20.1.0/24 is dropped by the FortiGate.
B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1.
If the interface port1 is down, the traffic is routed using the blackhole route.
C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being
routed by the blackhole route.
D. The FortiGate unit creates a session entry in the session table when the traffic is being routed by
the blackhole route.
Answer: A,C

NO.5 Examine the exhibit shown below; then answer the question following it.

Which of the following statements best describes the green status indicators that appear next to the
different FortiGuard Distribution Network services as illustrated in the exhibit?
A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.
B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard
Distribution Network.
C. They indicate that updates are available and should be downloaded from the FortiGuard
Distribution Network to the FortiGate unit.
D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard
Distribution Network.
Answer: A

NO.6 Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
A. SSL VPN creates an HTTPS connection. IPsec does not.
B. Both SSL VPNs and IPsec VPNs are standard protocols.
C. Either an SSL VPN or an IPsec VPN can be established between two FortiGate devices.
D. Either an SSL VPN or an IPsec VPN can be established between an end-user workstation and a
FortiGate device.
Answer: A,D

NO.7 Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)
A. FSSO agent
B. DC agent
C. Collector agent
D. RADIUS server
Answer: B,C

NO.8 In which order are firewall policies processed on a FortiGate unit?
A. From top to bottom, according to their sequence number.
B. From top to bottom, according to their policy ID number.
C. Based on best match.
D. Based on the priority value.
Answer: A

NO.9 What information is synchronized between two FortiGate units that belong to the same HA
cluster? (Choose three)
A. IP addresses assigned to DHCP-enabled interfaces.
B. The master device's hostname.
C. Routing configuration and state.
D. Reserved HA management interface IP configuration.
E. Firewall policies and objects.
Answer: A,C,E

NO.10 The exhibit shows a FortiGate routing table.

Which of the following statements are correct? (Choose two.)
A. There is only one active default route.
B. The distance value for the route to 192.168.1.0/24 is 200.
C. An IP address in the subnet 172.16.78.0/24 has been assigned to the dmz interface.
D. The FortiGate will route the traffic to 172.17.1.2 to the next hop with the IP address 192.168.11.254.
Answer: A,D

NO.11 Which statements are correct regarding application control? (Choose two.)
A. It is based on the IPS engine.
B. It is based on the AV engine.
C. It can be applied to SSL encrypted traffic.
D. It cannot be applied to SSL encrypted traffic.
Answer: A,C

NO.12 Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets
coming from the user's source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address
after this timer has expired.
C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets
coming from the user's source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address
after this timer has expired.
Answer: A

NO.13 Which of the following web filtering modes can inspect the full URL? (Choose two.)
A. Proxy based
B. DNS based
C. Policy based
D. Flow based
Answer: A,D

NO.14 Which of the following are possible actions for FortiGuard web category filtering? (Choose
three.)
A. Allow
B. Block
C. Exempt
D. Warning
E. Shape
Answer: A,B,D

NO.15 Which of the following statements are correct concerning the IPsec phase 1 and phase 2
shown in the exhibit? (Choose two.)
A. The quick mode selector in the remote site must also be 0.0.0.0/0 for the source and destination
addresses.
B. Only remote peers with the peer ID 'fortinet' will be able to establish a VPN.
C. The FortiGate device will automatically add a static route to the source quick mode selector
address received from each remote VPN peer.
D. The configuration will work only to establish FortiClient-to-FortiGate tunnels. A FortiGate tunnel
requires a different configuration.
Answer: C,D

NO.16 Which of the following statements is correct concerning multiple VDOMs configured in a
FortiGate device?
A. FortiGate devices, from the FGT/FWF 60D and above, all support VDOMs.
B. All FortiGate devices scale to 250 VDOMs.
C. Each VDOM requires its own FortiGuard license.
D. FortiGate devices support more NAT/route VDOMs than Transparent Mode VDOMs.
Answer: A

NO.17 Which statements are correct for port pairing and forwarding domains? (Choose two.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domain only applies to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
Answer: A,D

NO.18 Which of the following statements are correct regarding a master HA unit? (Choose two)
A. There should be only one master unit in each HA virtual cluster.
B. The Master synchronizes cluster configuration with slaves.
C. Only the master has a reserved management HA interface.
D. Heartbeat interfaces are not required on a master unit.
Answer: A,B
